5.2
Data Type base64

5.2.1 RNC

5.3
Data Type boolean

Zero is false, anything else is true. As a result, the empty string is
considered true.

5.3.1 RNC

boolean = text

5.4
Data Type boolean_atoi

In short: A true or false value, after conversion to an integer.

Zero is false, anything else is true. The value is first converted to
an integer, as by the C `atoi' routine. This means that an empty string
is considered false.

5.4.1 RNC

boolean_atoi = text

5.5
Data Type ctime

In short: A date and time, in the C `ctime' format.

An example string in this format is "Wed Jun 30 21:49:08 1993\n".

5.5.1 RNC

ctime = text

5.6
Data Type type_name

In short: A name of a data type.

5.6.1 RNC

type_name = xsd:Name

5.7
Data Type integer

In short: An integer.

5.7.1 RNC

integer = xsd:integer

5.8
Data Type iso_time

In short: A date and time, in ISO 8601 format.

An example string in this format is "2011-11-08T19:57:06+02:00".

5.8.1 RNC

iso_time = text

5.9
Data Type levels

In short: A string that may include the characters h, m, l, g and d.

5.9.1 RNC

levels = xsd:token { pattern = "h?m?l?g?d?" }

5.10
Data Type name

In short: A name.

Typically this is the name of one of the manager resources, like a
task or target.

5.10.1 RNC

name = xsd:string

5.11
Data Type port

In short: A port.

5.11.1 RNC

port = xsd:token { pattern = "[0-9]{1,5}" }

5.12
Data Type user_list

In short: A space separated list of users.

5.12.1 RNC

user_list = text

5.13
Data Type oid

In short: An Object Identifier (OID).

5.13.1 RNC

oid = xsd:token { pattern = "[0-9\.]{1,80}" }

5.14
Data Type severity

In short: A severity score.

A severity score is a decimal number between 0.0 and 10.0 (inclusive) with
one digit after the decimal point or a special negative value
(-1.0, -2.0 or -3.0).
If a single severity score defines a constraint, e.g. on whether an
override applies, for values 0.0 and lower the severity must be equal
to match while for > 0.0 the compared value must be greater or equal.

5.17
Data Type task_status

5.17.1 RNC

5.18
Data Type task_trend

In short: The trend of results for a task.

5.18.1 RNC

task_trend = xsd:token { pattern = "up|down|more|less|same" }

5.19
Data Type threat

In short: A threat level.

Threat levels are a textual classification of severity scores only
supported for importing reports from OpenVAS-6 and older.
The use of these elements is deprecated as they are otherwise replaced by
severity elements, which should be used instead.

5.19.1 RNC

threat = xsd:token { pattern = "High|Medium|Low|Alarm|Log|Debug" }

5.20
Data Type time_unit

In short: A unit of time.

5.20.1 RNC

5.21
Data Type timezone

In short: A timezone.

The format of a timezone is the same as that of the TZ environment
variable on GNU/Linux systems. That is, the same value accepted by the
tzset C function. There are three versions of the format. Note the lack
of spaces in the examples.

7.1.3 Example: Authenticate with a bad password

7.2
Command commands

In short: Run a list of commands.

The client uses the commands command to run a list of commands. The
elements are executed as OMP commands in the given sequence. The reply
contains the result of each command, in the same order as the given
commands.

7.4
Command create_config

With a copy element. The new config is a copy of the existing
config, with the given name.

With an embedded get_configs response element. The config is
created as defined by the get_configs response element. Name is
actually optional in this case. The config is given the name of
the config in the get_configs response. If there is already a
config with this name, then a number is attached to the name to
make it unique.

7.8
Command create_lsc_credential

In short: Create an LSC credential.

The client uses the create_lsc_credential command to create a new
LSC credential.

If the command includes a key, then the manager creates a key-based
credential from the key. If the command includes a password, then
the manager creates a password only credential. Otherwise the
manager autogenerates a key-based credential.

7.49.3 Example: Empty the trashcan

7.50
Command get_agents

The client uses the get_agents command to get agent information.
If the command sent by the client was valid, the manager will
reply with a list of agents to the client.

If the request includes a format then the agents in the response
include installer elements, otherwise they include trust state and
time. If the details attribute is set, the response will include
the installer.

7.56
Command get_info

In short: Get information for items of given type.

The client uses the get_info command to get information about
static data from an external source, like CVE or CPE.
If the command sent by the client was valid, the manager will
reply with a list of info elements of a given type to the client.

7.59
Command get_nvts

In short: Get one or many NVTs.

The client uses the get_nvts command to get NVT information.

This command may always include a details flag, a config, a sort
order and a sort field. If the command includes a details flag, the
manager also consults the timeout, preference_count and preferences
flags.

The NVT OID, family name and config attributes limit the listing to
a single NVT or all NVTs in a particular family and/or config.

If the details flag is present the manager will send full details
of the NVT, otherwise it will send just the NVT name.

With the preferences flag the manager includes in the listing, the
values of each listed NVT's preferences for the given config. The
timeout flag does the same for the special timeout preference.
If the config contains no values for a preference, the default value
of the preference is returned. The same applies if no config is given.

If the manager possesses an NVT collection, it will reply with the
NVT information. If the manager cannot access a list of available
NVTs at that time, it will reply with the 503 response.

7.61
Command get_nvt_feed_version

In short: Get NVT Feed version.

The client uses the get_nvt_feed_version command to request a
feed version for the complete NVT collection available through this
manager.

If the manager possesses such a collection, it will reply with a
response code indicating success, and the feed version files. If the
manager cannot access a list of available NVTs at present, it will reply
with the 503 response.

7.65
Command get_preferences

In short: Get one or many preferences.

The client uses the get_preferences command to get preference information.
If the command sent by the client was valid, the manager will reply with
a list of preferences to the client. If the manager cannot access a list
of available NVTs at present, it will reply with the 503 response.

When the command includes a config_id attribute, the preference element
includes the preference name, type and value, and the NVT to which the
preference applies. Otherwise, the preference element includes just the
name and value, with the NVT and type built into the name.

7.80.3 Example: Get the help text

Client

<help/>

Manager

<help_response status="200"
status_text="OK">
AUTHENTICATE Authenticate with the manager.
COMMANDS Run a list of commands.
CREATE_AGENT Create an agent.
CREATE_ALERT Create an alert.
CREATE_CONFIG Create a config.
CREATE_FILTER Create a filter.
CREATE_GROUP Create a group.
CREATE_LSC_CREDENTIAL Create a local security check credential.
CREATE_NOTE Create a note.
CREATE_OVERRIDE Create an override.
CREATE_PERMISSION Create a permission.
CREATE_PORT_LIST Create a port list.
CREATE_PORT_RANGE Create a port range in a port list.
CREATE_REPORT Create a report.
CREATE_REPORT_FORMAT Create a report format.
CREATE_ROLE Create a role.
CREATE_SCANNER Create a scanner.
CREATE_SCHEDULE Create a schedule.
CREATE_SLAVE Create a slave.
CREATE_TAG Create a tag.
CREATE_TARGET Create a target.
CREATE_TASK Create a task.
CREATE_USER Create a new user.
DELETE_AGENT Delete an agent.
DELETE_ALERT Delete an alert.
DELETE_CONFIG Delete a config.
DELETE_FILTER Delete a filter.
DELETE_GROUP Delete a group.
DELETE_LSC_CREDENTIAL Delete a local security check credential.
DELETE_NOTE Delete a note.
DELETE_OVERRIDE Delete an override.
DELETE_PERMISSION Delete a permission.
DELETE_PORT_LIST Delete a port list.
DELETE_PORT_RANGE Delete a port range.
DELETE_REPORT Delete a report.
DELETE_REPORT_FORMAT Delete a report format.
DELETE_ROLE Delete a role.
DELETE_SCANNER Delete a scanner.
DELETE_SCHEDULE Delete a schedule.
DELETE_SLAVE Delete a slave.
DELETE_TAG Delete a tag.
DELETE_TARGET Delete a target.
DELETE_TASK Delete a task.
DELETE_USER Delete an existing user.
DESCRIBE_AUTH Get details about the used authentication methods.
DESCRIBE_CERT Get details of the CERT feed this Manager uses.
DESCRIBE_FEED Get details of the NVT feed this Manager uses.
DESCRIBE_SCAP Get details of the SCAP feed this Manager uses.
EMPTY_TRASHCAN Empty the trashcan.
GET_AGENTS Get one or many agents.
GET_ALERTS Get one or many alerts.
GET_CONFIGS Get one or many configs.
GET_FILTERS Get one or many filters.
GET_GROUPS Get one or many groups.
GET_INFO Get raw information for a given item.
GET_LSC_CREDENTIALS Get one or many local security check credentials.
GET_NOTES Get one or many notes.
GET_NVTS Get one or all available NVTs.
GET_NVT_FAMILIES Get a list of all NVT families.
GET_NVT_FEED_VERSION Get NVT feed version.
GET_OVERRIDES Get one or many overrides.
GET_PERMISSIONS Get one or many permissions.
GET_PORT_LISTS Get one or many port lists.
GET_PREFERENCES Get preferences for all available NVTs.
GET_REPORTS Get one or many reports.
GET_REPORT_FORMATS Get one or many report formats.
GET_RESULTS Get results.
GET_ROLES Get one or many roles.
GET_SCANNERS Get one or many scanners.
GET_SCHEDULES Get one or many schedules.
GET_SETTINGS Get one or many settings.
GET_SLAVES Get one or many slaves.
GET_SYSTEM_REPORTS Get one or many system reports.
GET_TAGS Get one or many tags.
GET_TARGETS Get one or many targets.
GET_TASKS Get one or many tasks.
GET_USERS Get one or many users.
GET_VERSION Get the OpenVAS Manager Protocol version.
HELP Get this help text.
MODIFY_AGENT Modify an existing agent.
MODIFY_ALERT Modify an existing alert.
MODIFY_AUTH Modify the authentication methods.
MODIFY_CONFIG Update an existing config.
MODIFY_FILTER Modify an existing filter.
MODIFY_GROUP Modify an existing group.
MODIFY_LSC_CREDENTIAL Modify an existing LSC credential.
MODIFY_NOTE Modify an existing note.
MODIFY_OVERRIDE Modify an existing override.
MODIFY_PERMISSION Modify an existing permission.
MODIFY_PORT_LIST Modify an existing port list.
MODIFY_REPORT Modify an existing report.
MODIFY_REPORT_FORMAT Modify an existing report format.
MODIFY_ROLE Modify an existing role.
MODIFY_SCANNER Modify an existing scanner.
MODIFY_SCHEDULE Modify an existing schedule.
MODIFY_SETTING Modify an existing setting.
MODIFY_SLAVE Modify an existing slave.
MODIFY_TAG Modify an existing tag.
MODIFY_TARGET Modify an existing target.
MODIFY_TASK Update an existing task.
MODIFY_USER Modify a user.
RESTORE Restore a resource.
RESUME_TASK Resume a task.
RUN_WIZARD Run a wizard.
START_TASK Manually start an existing task.
STOP_TASK Stop a running task.
SYNC_CERT Synchronize with a CERT feed.
SYNC_FEED Synchronize with an NVT feed.
SYNC_SCAP Synchronize with a SCAP feed.
TEST_ALERT Run an alert.
VERIFY_AGENT Verify an agent.
VERIFY_REPORT_FORMAT Verify a report format.
</help_response>

7.83.3 Example: Modify a single setting for an authentication method

7.84
Command modify_config

In short: Modify an existing config.

This command can take five forms: with a preference, with a family
selection, with an NVT selection, or with a name or comment.

The first form modifies a preference on the config.
If the preference includes an NVT, then the preference is an NVT preference,
otherwise the preference is a scanner preference. If the preference includes
a value then the manager updates the value of the preference, otherwise the
manager removes the preference. The value must be base64 encoded.

The second form, with a family selection, lets the client modify the
NVTs selected by the config at a family level. The idea is that the
client modifies the entire family selection at once, so a client will
often need to include many families in a family selection.

The family_selection may include a growing element to indicate whether new
families should be added to the selection. It may also include any number
of family elements.

A family element must always include a name and may include a growing element
and an all element. The all element indicates whether all NVTs in the family
should be selected. The growing element indicates whether new NVTs in the
family should be added to the selection as they arrive. Leaving a family
out of the family_selection is equivalent to including the family with all
0 and growing 0.

The effect of the all 0 and growing 0 case is subtle: if
all NVTs were selected then all are removed (effectively removing the
family from the config). However if some NVTs were selected then they
remain selected. As a result the client must include in the
family_selection all families that must have all NVTs selected.

The third option, an NVT selection, must include a family and may include any
number of NVTs. The manager updates the given family in the config to
include only the given NVTs.

If there was no error with the command sent by the client, the manager will
apply the changes to the config and will reply with a response code indicating
success.

7.96.3 Example: Modify the name of a schedule

7.97
Command modify_setting

In short: Modify an existing setting.

The client uses the modify_setting command to change an existing
setting. These are user settings that can be controlled via OMP.
The settings "Password" and "Timezone" can be modified by name, the
rest by UUID.

7.111.3 Example: Test an alert

7.112
Command verify_agent

In short: Verify an agent.

The client uses the verify_agent command to verify the trust
level of an existing agent.

The Manager checks whether the signature of the agent currently
matches the agent. This includes the agent installer file.
The Manager searches for the signature first in the feed, then
in the agent itself.

7.112.3 Example: Verify an agent

7.113
Command verify_report_format

In short: Verify a report format.

The client uses the verify_report_format command to verify the trust
level of an existing report format.

The Manager checks whether the signature of the report format currently
matches the report format. This includes the script and files used
to generate reports of this format. The Manager searches for the
signature first in the feed, then in the report format itself.

8 Compatibility Changes in Version
6.0

8.1
Change in PAUSE_TASK, RESUME_PAUSED_TASK

The task pausing feature has been removed and thus, the PAUSE_TASK and
RESUME_PAUSED_TASK commands don't exist anymore.

8.2
Change in GET_NOTES, GET_OVERRIDES, GET_REPORTS, GET_RESULTS

In short: Element RISK_FACTOR removed from element NVT.

Risk factors have been replaced by CVSS scores in all NVTs, so the
RISK_FACTOR element has been removed from the NVT elements in
various commands.

8.3
Change in RESUME_STOPPED_TASK, RESUME_TASK

In short: RESUME_STOPPED_TASK renamed to RESUME_TASK.

The resuming of tasks is now done via the new command RESUME_TASK,
which is the former RESUME_STOPPED_TASK. There is no other resumable
status than "stopped" anymore and thus the command names are
consolidated for consistency and to avoid confusion.

8.4
Change in RESUME_OR_START_TASK

In short: Command removed.

As part of the consolidation of the start/resume handling of tasks,
the command RESUME_OR_START_TASK was removed. Use a combination of
START_TASK and RESUME_TASK to establish the same functionality.

8.5
Change in CREATE_TARGET, MODIFY_TARGET

In short: Element TARGET_LOCATOR removed.

The element TARGET_LOCATOR was removed from CREATE_TARGET and
MODIFY_TARGET. This was an older, unused feature.

8.6
Change in GET_RESULTS

In short: "result" elements moved to response root element.

The "result" elements returned by the GET_RESULTS command are no
longer nested inside a "results" element but directly inside the
"get_results_response". The "results" element is used to return the
"max" and "start" attributes like similar elements for other types.

8.7
Change in GET_TARGET_LOCATORS

In short: Command removed.

The command GET_TARGET_LOCATORS was removed.

8.8
Change in GET_TASKS

In short: Attribute "rcfile" and associate RCFILE removed.

The attribute "rcfile" and associate response element RCFILE were
removed. It is no longer possible to get an openvasrc configuration
for a task. This feature was primarily introduced to support the
GTK frontend openvas-client, which is no longer maintained.

8.9
Change in CREATE_CONFIG, CREATE_TASK, MODIFY_TASK

In short: RCFILE removed.

The element RCFILE was removed. It is no longer possible to create
or modify a config or task from an openvasrc file. This feature was
primarily introduced to support the GTK frontend openvas-client, which
is no longer maintained.

8.10
Change in CREATE_LSC_CREDENTIAL

In short: KEY/PUBLIC removed.

The child PUBLIC of element KEY was removed, because public keys are
now extracted from the private key.